Troy Hunt
SEPTEMBER 6, 2021
For the last few years, I've been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API. Today, I'm very happy to welcome the Czech Republic's National Cyber and Information Security Agency who can now query their government domains along with the 26 other nations that have come before them.
Lohrman on Security
SEPTEMBER 5, 2021
For more than a decade there have been calls to merge physical and cybersecurity in global organizations. Is this the right time? What are the benefits?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
SEPTEMBER 8, 2021
Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.
Schneier on Security
SEPTEMBER 6, 2021
Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that product vendors are fixing this: Several of the headphones which could be tracked over time are for sale in electronics stores, but according to two of the manufacturers NRK have spoken to, these models are being phased out. “The products in your line-up, Elite Active 65t, Elite 65e and Evolve 75e, will be going out of production
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Troy Hunt
SEPTEMBER 9, 2021
111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence. We've all since watched enough crime shows to understand that fingerprints are unique personal biometric attributes and to date, no two people have ever been found to have a matching set. As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication.
Tech Republic Security
SEPTEMBER 9, 2021
Some of these phrasings are standard day-to-day subject lines, but as one expert explained, "the attacker wants you to be moving too fast to stop and question if it's legitimate.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
SEPTEMBER 9, 2021
We knew the basics of this story , but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor.
Trend Micro
SEPTEMBER 9, 2021
Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger.
Tech Republic Security
SEPTEMBER 9, 2021
IT teams are experiencing employee pushback due to remote work policies and many feel like cybersecurity is a "thankless task" and that they're the "bad guys" for implementing these rules.
Krebs on Security
SEPTEMBER 6, 2021
In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Schneier on Security
SEPTEMBER 8, 2021
Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the SIM, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would have been much worse. Here’s a link to an archived version.
CSO Magazine
SEPTEMBER 7, 2021
COVID-19 has changed the face of security forever. The perimeter defense model, which had been slowly crumbling, has now been shattered. Employees are working from home, many of them permanently. Applications are shifting to the cloud at an accelerating pace. Enterprise security today is all about secure remote access and protecting cloud-based assets.
Tech Republic Security
SEPTEMBER 8, 2021
Technology is not the only answer: An expert suggests improving the human cyber capacity of a company's workforce plus cybersecurity technology offers a better chance of being safe.
Bleeping Computer
SEPTEMBER 9, 2021
New details have emerged about the recent Windows CVE-2021-40444 zero-day vulnerability, how it is being exploited in attacks, and the threat actor's ultimate goal of taking over corporate networks. [.].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Schneier on Security
SEPTEMBER 10, 2021
After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.
Security Boulevard
SEPTEMBER 7, 2021
In this OSINT analysis I'll offer in-depth information and analysis of Bulgaria's Bulgarian Cyber Army including personally identifiable information on some of the key members behind the group for the purpose of assisting U.S Law Enforcement and the U.S Intelligence Community on its way to track down and prosecute the cybercriminals behind these campaigns.
Tech Republic Security
SEPTEMBER 9, 2021
Cyberattacks have surged during the coronavirus pandemic as criminals rake in bountiful ransomware payouts. Malicious office docs have been on the rise for months, per a new report.
Bleeping Computer
SEPTEMBER 5, 2021
TensorFlow, a popular Python-based machine learning and artificial intelligence project developed by Google has dropped support for YAML, to patch a critical code execution vulnerability. YAML is a convenient choice among developers looking for a human-readable data serialization language. [.].
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Schneier on Security
SEPTEMBER 7, 2021
Normal-looking cables (USB-C, Lightning, and so on) that exfiltrate data over a wireless network. I blogged about a previous prototype here.
Security Boulevard
SEPTEMBER 7, 2021
Amazon, Apple and Google will have their days in court, charged with listening to your conversations when you least expect it. The post Alexa, OK Google, Siri—Sued for Spying appeared first on Security Boulevard.
Tech Republic Security
SEPTEMBER 8, 2021
Only 33% of users surveyed by NordPass changed the default passwords on their IoT devices, leaving the rest susceptible to attack.
The Hacker News
SEPTEMBER 4, 2021
The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
SEPTEMBER 7, 2021
The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear if this marks their ransomware gang's return or the servers being turned on by law enforcement. [.].
We Live Security
SEPTEMBER 7, 2021
ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group, and that has been active since at least March 2020. The post BladeHawk group: Android espionage against Kurdish ethnic group appeared first on WeLiveSecurity.
Tech Republic Security
SEPTEMBER 8, 2021
Making predictions about data is the next frontier in terms of identifying risk in your infrastructure, expert says. But is it right for your organization?
CyberSecurity Insiders
SEPTEMBER 6, 2021
German government is urging mobile manufactures to offer security updates for devices up to seven years or at least 6 years so that it could increase the life of usage of phones to over 5 years. Already a proposal in this regard has been passed on to the European Union that also makes it mandatory for manufacturers to supply spare parts for their supplied devices to almost 70-90 months of time frame.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Bleeping Computer
SEPTEMBER 6, 2021
Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks. [.].
Security Boulevard
SEPTEMBER 8, 2021
T- Mobile was the latest victim of a massive cyber-attack where the personal information of more than 40 million customers was leaked in a data breach. A New York Times article titled, “T – Mobile Says Hack Exposed Personal Data of 40 million People” by Isabella Grullón stated that a vendor had reportedly been trying […]. The post Why You Should Invest in Cyber Security appeared first on Phoenix TS.
Tech Republic Security
SEPTEMBER 9, 2021
Chances are good you're not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.
CyberSecurity Insiders
SEPTEMBER 10, 2021
Cybersecurity firm Resecurity has confirmed that a hacker/s have breached the systems related to United Nations leading to the data breach. And preliminary inquiry has suggested that the attack took place as the cyber crooks gained login access into the governmental organization that operates with the aim to maintain international peace and security.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
339 
Let's personalize your content